Packages changed:
389-ds (3.0.1~git39.e24615f -> 3.1.1~git0.aef1668)
MozillaFirefox (128.0 -> 128.0.3)
coreutils
coreutils-systemd
git (2.45.2 -> 2.46.0)
libX11 (1.8.9 -> 1.8.10)
libzypp (17.35.1 -> 17.35.6)
openSUSE-release (20240730 -> 20240731)
p11-kit
perl-Bootloader (1.13 -> 1.14)
python-cryptography (42.0.8 -> 43.0.0)
python-pycairo (1.26.0 -> 1.26.1)
python311
python311-core
systemd-presets-branding-Aeon
sysuser-tools (3.2 -> 3.3)
=== Details ===
==== 389-ds ====
Version update (3.0.1~git39.e24615f -> 3.1.1~git0.aef1668)
Subpackages: lib389 libsvrcore0
- Update to version 3.1.1~git0.aef1668:
* Bump version to 3.1.1
* Issue 6256 - nsslapd-numlisteners limit is not enforced (#6257)
* Issue 5327 - Fix test metadata
* Security fix for CVE-2024-6237
* Security fix for CVE-2024-5953
* Security fix for CVE-2024-3657
* Security fix for CVE-2024-2199
* Issue 6256 - nsslapd-numlisteners limit is not enforced
* Issue 6265 - lmdb - missing entries in range searches (#6266)
* Issue 5853 - Update Cargo.lock
* Bump openssl from 0.10.64 to 0.10.66 in /src
* Issue 6245 - Revert __COVERITY__ ifndef (#6268)
* Issue 6248 - fix fanalyzer warnings (#6253)
* Issue 6238 - Fix test_audit_json_logging CI test regression (#6264)
* Issue 6254 - Enabling replication for a sub suffix crashes browser (#6255)
* Issue 6155 - ldap-agent fails to start because of permission error (#6179)
* Issue 6238 - RFE - add option to write audit log in JSON format
* Issue 6216 - CI test_fast_slow_import sometime fail (#6247)
* Issue 6245 - covscan fixes (#6246)
* Issue 6241 - Add support for CRYPT-YESCRYPT (#6242)
* Issue 6229 - After an initial failure, subsequent online backups fail (#6230)
* Issue 6236 - rpm: fix compatibility with RPM 4.20
* Issue 6227 - dsconf schema does not show inChain matching rule (#6228)
* Issue 6233 - CI test wait_for_async_feature_test sometime fails (#6234)
* Bump ws from 7.5.9 to 7.5.10 in /src/cockpit/389-console
* Issue 6224 - d2entry - Could not open id2entry err 0 - at startup when having sub-suffixes (#6225)
* Issue 6222 - CI test acl/test_timeofday_keyword sometime fails (#6223)
* Issue 6120 - /usr/lib64/dirsrv/plugins/libback-bdb.so has an invalid-looking DT_RPATH: /usr/lib/dirsrv
* Issue 5772 - ONE LEVEL search fails to return sub-suffixes (#6219)
* Issue 6183 - Slow ldif2db import on a newly created BDB backend (#6208)
* Issue 6207 - Random crash in test_long_rdn CI test (#6215)
* Bump braces from 3.0.2 to 3.0.3 in /src/cockpit/389-console
* Issue 6191 - Node.js 16 actions are deprecated
* Issue 6199 - unprotected search query during certificate based authentication (#6205)
* Issue 6200 - Disable WebUI CI tests
* Issue 6192 - Test failure: test_match_large_valueset
* Issue 6181 - RFE - Allow system to manage uid/gid at startup
* Issue 6188 - Add nsslapd-haproxy-trusted-ip to cn=schema (#6201)
* Issue 6181 - RFE - Allow system to manage uid/gid at startup (#6182)
* Issue 6170 - audit log buffering doesn't handle large updates
* Issue 6193 - Test failure: test_tls_command_returns_error_text
* Issue 6177 - Spec file cleanup
* Issue 6189 - CI tests fail with `[Errno 2] No such file or directory: '/var/cache/dnf/metadata_lock.pid'`
* Issue 6175 - Referential integrity plugin - in referint_thread_func does not handle null from ldap_utf8strtok (#6168)
* Change default salt sizes generated in crypt_pwd (#6185)
* Issue 6123 - Allow DNA plugin to reuse global config for bind method and connection protocol (#6124)
* Issue 6159 - Add a test to check URP add and delete conflict (#6160)
* Issue 6151 - Use %bcond macro for conditional builds in the spec file
* Issue 6172 - RFE: improve the performance of evaluation of filter component when tested against a large valueset (like group members) (#6173)
* Bump version to 3.1.0
* fix issue6165 (#6167)
==== MozillaFirefox ====
Version update (128.0 -> 128.0.3)
Subpackages: MozillaFirefox-translations-common
- Firefox 128.0.3 Release
* Fixed: Fixed an issue causing some sites to not load when
connecting via HTTP/2. (bmo#1908161, bmo#1909666)
* Fixed: Fixed collapsed table rows not appearing when expected
in some situations. (bmo#1907789)
* Fixed: Fixed the Windows on-screen keyboard potentially
concealing the webpage when displayed. (bmo#1907766)
- Firefox 128.0.2 Release
* Fixed: Fixed an audio echo in video calls on macOS under
certain conditions. (bmo#1908539)
* Fixed: Fixed an issue where the Adguard extension popup was
not displaying. (bmo#1906132)
* Fixed: Fixed an issue causing some screen readers to fail to
read when navigating by character in rich text editors. (Bug
1905021)
* Fixed: Fixed visual glitches when dark mode is enabled in
Windows ARM devices. (bmo#1897444)
* Fixed: Fixed an issue causing NTLM authentication failure.
(bmo#1908115)
* Fixed: Fixed an issue where content displayed on mouseover
was not captured in a screenshot. (bmo#1905468)
* Fixed: Various stability fixes.
- renamed firefox-3781e3117706.patch to mozilla-bmo1905018.patch
to conform with patch structure and naming for the package
==== coreutils ====
Subpackages: coreutils-lang
- Avoid empty scriptlets
==== coreutils-systemd ====
- Avoid empty scriptlets
==== git ====
Version update (2.45.2 -> 2.46.0)
Subpackages: git-core git-email git-svn git-web perl-Git
- update to 2.46.0
UI, Workflows & Features
* The "--rfc" option of "git format-patch" learned to take an
optional string value to be used in place of "RFC" to tweak the
"[PATCH]" on the subject header.
* The credential helper protocol, together with the HTTP layer, have
been enhanced to support authentication schemes different from
username & password pair, like Bearer and NTLM.
* Command line completion script (in contrib/) learned to complete
"git symbolic-ref" a bit better (you need to enable plumbing
commands to be completed with GIT_COMPLETION_SHOW_ALL_COMMANDS).
* When the user responds to a prompt given by "git add -p" with an
unsupported command, list of available commands were given, which
was too much if the user knew what they wanted to type but merely
made a typo. Now the user gets a much shorter error message.
* The color parsing code learned to handle 12-bit RGB colors, spelled
as "#RGB" (in addition to "#RRGGBB" that is already supported).
* The operation mode options (like "--get") the "git config" command
uses have been deprecated and replaced with subcommands (like "git
config get").
* "git tag" learned the "--trailer" option to futz with the trailers
in the same way as "git commit" does.
* A new global "--no-advice" option can be used to disable all advice
messages, which is meant to be used only in scripts.
* Updates to symbolic refs can now be made as a part of ref
transaction.
* The trailer API has been reshuffled a bit.
* Terminology to call various ref-like things are getting
straightened out.
* The command line completion script (in contrib/) has been adjusted
to the recent update to "git config" that adopted subcommand based
UI.
* The knobs to tweak how reftable files are written have been made
available as configuration variables.
* When "git push" notices that the commit at the tip of the ref on
the other side it is about to overwrite does not exist locally, it
used to first try fetching it if the local repository is a partial
clone. The command has been taught not to do so and immediately
fail instead.
* The promisor.quiet configuration knob can be set to true to make
lazy fetching from promisor remotes silent.
* The inter/range-diff output has been moved to the end of the patch
when format-patch adds it to a single patch, instead of writing it
before the patch text, to be consistent with what is done for a
cover letter for a multi-patch series.
* A new command has been added to migrate a repository that uses the
files backend for its ref storage to use the reftable backend, with
limitations.
* "git diff --exit-code --ext-diff" learned to take the exit status
of the external diff driver into account when deciding the exit
status of the overall "git diff" invocation when configured to do
so.
* "git update-ref --stdin" learned to handle transactional updates of
symbolic-refs.
* "git format-patch --interdiff" for multi-patch series learned to
turn on cover letters automatically (unless told never to enable
cover letter with "--no-cover-letter" and such).
* The "--heads" option of "ls-remote" and "show-ref" has been been
deprecated; "--branches" replaces "--heads".
* For over a year, setting add.interactive.useBuiltin configuration
variable did nothing but giving a "this does not do anything"
warning. The warning has been removed.
* The http transport can now be told to send request with
authentication material without first getting a 401 response.
* A handful of entries are added to the GitFAQ document.
* "git var GIT_SHELL_PATH" should report the path to the shell used
to spawn external commands, but it didn't do so on Windows, which
has been corrected.
Performance, Internal Implementation, Development Support etc.
* Advertise "git contacts", a tool for newcomers to find people to
ask review for their patches, a bit more in our developer
documentation.
* In addition to building the objects needed, try to link the objects
that are used in fuzzer tests, to make sure at least they build
without bitrot, in Linux CI runs.
* Code to write out reftable has seen some optimization and
simplification.
* Tests to ensure interoperability between reftable written by jgit
and our code have been added and enabled in CI.
* The singleton index_state instance "the_index" has been eliminated
by always instantiating "the_repository" and replacing references
to "the_index" with references to its .index member.
* Git-GUI has a new maintainer, Johannes Sixt.
* The "test-tool" has been taught to run testsuite tests in parallel,
bypassing the need to use the "prove" tool.
* The "whitespace check" task that was enabled for GitHub Actions CI
has been ported to GitLab CI.
* The refs API lost functions that implicitly assumes to work on the
primary ref_store by forcing the callers to pass a ref_store as an
argument.
* Code clean-up to reduce inter-function communication inside
builtin/config.c done via the use of global variables.
* The pack bitmap code saw some clean-up to prepare for a follow-up topic.
* Preliminary code clean-up for "git send-email".
* The default "creation-factor" used by "git format-patch" has been
raised to make it more aggressively find matching commits.
* Before discovering the repository details, We used to assume SHA-1
as the "default" hash function, which has been corrected. Hopefully
this will smoke out codepaths that rely on such an unwarranted
... changelog too long, skipping 230 lines ...
(merge 616e94ca24 tb/doc-max-tree-depth-fix later to maint).
==== libX11 ====
Version update (1.8.9 -> 1.8.10)
Subpackages: libX11-6 libX11-data libX11-xcb1
- Update to 1.8.10; this release includes:
* Re-fix XIM input sometimes jumbled (#205, #206, #207, #208, !246)
* Fix various static analysis errors (!250)
* Add compose sequences for Arabic hamza (!218), Ezh (!221), and
hryvnia currency (!259)
* Make colormap private interfaces thread safe (#215, !254)
* Fix deadlock in XRebindKeysym() (!256)
* Assorted memory handling cleanups (!251, !258)
* Restore VAX support still in use by NetBSD (!257)
==== libzypp ====
Version update (17.35.1 -> 17.35.6)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- version 17.35.6 (35)
- Export asSolvable for YAST (bsc#1228420)
- Fix 4 typos in zypp.conf.
- version 17.35.5 (35)
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- version 17.35.4 (35)
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
Older zypp-plugins reject stomp headers including a '-'. Like the
'content-length' header we may send.
- Fix int overflow in Provider (fixes #559)
This patch fixes an issue in safe_strtonum which caused
timestamps to overflow in the Provider message parser.
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- version 17.35.3 (35)
- Keep UrlResolverPlugin API public (fixes #560)
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
Buddy pairs (like -release package and product) internally share
the same status object. When applying locks from query results
the locked bit must be set if either item is locked.
- version 17.35.2 (35)
==== openSUSE-release ====
Version update (20240730 -> 20240731)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== p11-kit ====
Subpackages: libp11-kit0 libp11-kit0-32bit p11-kit-tools
- Added a backport of an upstream commit in p11-kit-d938f4a8a3a2.patch
to avoid passing an incompatible pointer type to a function which is
an error by default in GCC 14.
==== perl-Bootloader ====
Version update (1.13 -> 1.14)
- merge gh#openSUSE/perl-bootloader#169
- support grub2-bls (bsc#1226676, bsc#1208135)
- better config file reading
- add check whether bootloader is supported
- unit test output changed, adjust reference data
- adjust GRUB_ENABLE_BLSCFG when setting grub2-bls
- add config, install, add-kernel, remove-kernel for grub2-bls
- support --default option for grub2*
- unify cmdline parsing code and move to library
- add missing options for bls conforming loaders
- updated tests
- unify test case names
- adjust documentation
- 1.14
==== python-cryptography ====
Version update (42.0.8 -> 43.0.0)
- update to 43.0.0:
* BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e
has been removed. Users on older version of OpenSSL will
need to upgrade.
* BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
* Updated Windows, macOS, and Linux wheels to be compiled with
OpenSSL 3.3.1.
* Updated the minimum supported Rust version (MSRV) to 1.65.0,
from 1.63.0.
* :func:`~cryptography.hazmat.primitives.asymmetric.rsa.generat
e_private_key` now enforces a minimum RSA key size of
1024-bit. Note that 1024-bit is still considered insecure,
users should generally use a key size of 2048-bits.
* :func:`~cryptography.hazmat.primitives.serialization.pkcs7.se
rialize_certificates` now emits ASN.1 that more closely
follows the recommendations in RFC 2315.
* Added new :doc:`/hazmat/decrepit/index` module which contains
outdated and insecure cryptographic primitives. :class:`~cryp
tography.hazmat.primitives.ciphers.algorithms.CAST5`, :class:
`~cryptography.hazmat.primitives.ciphers.algorithms.SEED`, :c
lass:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA
`, and :class:`~cryptography.hazmat.primitives.ciphers.algori
thms.Blowfish`, which were deprecated in 37.0.0, have been
added to this module. They will be removed from the cipher
module in 45.0.0.
* Moved :class:`~cryptography.hazmat.primitives.ciphers.algorit
hms.TripleDES` and :class:`~cryptography.hazmat.primitives.ci
phers.algorithms.ARC4` into :doc:`/hazmat/decrepit/index` and
deprecated them in the cipher module. They will be removed
from the cipher module in 48.0.0.
* Added support for deterministic
:class:`~cryptography.hazmat.primitives.asymmetric.ec.ECDSA`
(RFC 6979)
* Added support for client certificate verification to the
:mod:`X.509 path validation <cryptography.x509.verification>`
APIs in the form of
:class:`~cryptography.x509.verification.ClientVerifier`,
:class:`~cryptography.x509.verification.VerifiedClient`, and
PolicyBuilder :meth:`~cryptography.x509.verification.PolicyBu
ilder.build_client_verifier`.
* Added Certificate :attr:`~cryptography.x509.Certificate.publi
c_key_algorithm_oid` and Certificate Signing Request :attr:`~
cryptography.x509.CertificateSigningRequest.public_key_algori
thm_oid` to determine the
:class:`~cryptography.hazmat._oid.PublicKeyAlgorithmOID`
Object Identifier of the public key found inside the
certificate.
* Added :attr:`~cryptography.x509.InvalidityDate.invalidity_dat
e_utc`, a timezone-aware alternative to the naïve datetime
attribute
:attr:`~cryptography.x509.InvalidityDate.invalidity_date`.
* Added support for parsing empty DN string in
:meth:`~cryptography.x509.Name.from_rfc4514_string`.
* Added the following properties that return timezone-aware
datetime objects:
:meth:`~cryptography.x509.ocsp.OCSPResponse.produced_at_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.revocation_time_u
tc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.this_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPResponse.next_update_utc`,
:meth:`~cryptography.x509.ocsp.OCSPSingleResponse.revocation_
time_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleResponse.
this_update_utc`, :meth:`~cryptography.x509.ocsp.OCSPSingleRe
sponse.next_update_utc`, These are timezone-aware variants of
existing properties that return naïve datetime objects.
* Added :func:`~cryptography.hazmat.primitives.asymmetric.rsa.r
sa_recover_private_exponent`
* Added :meth:`~cryptography.hazmat.primitives.ciphers.CipherCo
ntext.reset_nonce` for altering the nonce of a cipher context
without initializing a new instance. See the docs for
additional restrictions.
* :class:`~cryptography.x509.NameAttribute` now raises an
exception when attempting to create a common name whose
length is shorter or longer than RFC 5280 permits.
* Added basic support for PKCS7 encryption (including SMIME)
via :class:`~cryptography.hazmat.primitives.serialization.pkc
s7.PKCS7EnvelopeBuilder`.
- add use-offline-build.patch
==== python-pycairo ====
Version update (1.26.0 -> 1.26.1)
- Update to 1.26.1
* Fix Surface.set_mime_data() with Python 3.13 :pr:`366`
This also fixes the test suite with Python 3.13b2.
* Update vendored Windows wheel dependencies :pr:`370`
==== python311 ====
Subpackages: python311-curses python311-dbm python311-x86-64-v3
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999
adding reproducibility patches from gh#python/cpython!121872
and gh#python/cpython!121883.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
==== python311-core ====
Subpackages: libpython3_11-1_0 libpython3_11-1_0-x86-64-v3 python311-base python311-base-x86-64-v3
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Adding bso1227999-reproducible-builds.patch fixing bsc#1227999
adding reproducibility patches from gh#python/cpython!121872
and gh#python/cpython!121883.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
==== systemd-presets-branding-Aeon ====
- Enable aeon-check.service (boo#1228416)
==== sysuser-tools ====
Version update (3.2 -> 3.3)
- Allow setting of UID:GID for as defined in sysusers.d